0

I have a node.js server with express that serves an https web. The server is runing Windows 10. I have configured a no-ip ddns with ssl certificates. The web is on port 3000 and I want to start a reverse proxy with nginx to access it without having to specify the port, just the domain name. The problem is that nginx is working for local network machines but not external ones. This is the config for nginx:

worker_processes 1;
error_log  logs/error.log;
error_log  logs/error.log  notice;
error_log  logs/error.log  info;
events {
    worker_connections 1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;


sendfile        on;
keepalive_timeout  65;

server {
    listen 80;
    server_name servidordelacruz.dynns.com;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name xxxxxx.dynns.com;

    ssl_certificate      route_to\noip_fullchain_cert.pem; 
    ssl_certificate_key  route_to\cert.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass https://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}



}

I have ports 80 and 443 open on the router for the server and just for testing the windows firewall is disabled entirely. I also confirmed the ddns is working since I also have a minecraft server that is accesible. In the access.log file I can also see that the phone reaches the server:

X.X.X.X - - [05/Nov/2024:20:52:40 +0100] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Android 15; Mobile; rv:132.0) Gecko/132.0 Firefox/132.0"

Finally, in the errors. log file I see this error constantly:

2024/11/05 21:05:46 [info] 5276#10252: *943 SSL_do_handshake() failed (SSL: error:0A000412:SSL routines::sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: X.X.X.X, server: 0.0.0.0:443

The client IP is my own public IP. I read that it might not be important though.

Alejandro
  • 11
  • 2

1 Answers1

1

I found the answer some months ago but I forgot to post it here.

The problem was the ports, even though it seemed like they where open they where not. So obviously if the ports are not open nginx does not work. So I had to find a way to run nginx on a different port and for that I had to change somethings.

My workaround was to use cloudflare instead of no-ip. I bought a domain there (7€ so pretty inexpensive) and configured some A records and a ddns with Favonia Cloudflare-ddns.

With that I was like before with no-ip but I have cloudflare which has a lot more options. i configured security, caching and a couple of things that no-ip did not have and finally I started with the ports thing.

What I did was create an Origin Rule with a Custom filter expression for the hostnames that had to be proxied like plex.example.com and set the destination port to a port that I could open in my router and configured nginx like this:

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

server {
    listen AVAILABLE_PORT ssl;
    http2 on;
    server_name plex.example.com;
    ssl_certificate ./cert.pem;
    ssl_certificate_key ./cert.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    add_header <Headers rules>

    location / {
        proxy_pass https://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        proxy_ssl_server_name on;
        proxy_connect_timeout 10s;
        proxy_send_timeout 30s;
        proxy_read_timeout 30s;
    }
}



}

And with that I managed to get my page up and running!

Alejandro
  • 11
  • 2